tls.man at [48ff08f855]

File doc/tls.man artifact ec44612f22 part of check-in 48ff08f855


[comment {-*- tcl -*- doctools manpage}]
[comment {To convert this to another documentation format use the dtplite
          script from tcllib: dtplite -o tls.n nroff tls.man
                              dtplite -o tls.html html tls.man
}]
[manpage_begin tls n 1.8]
[category tls]
[copyright {1999 Matt Newman}]
[copyright {2004 Starfish Systems}]
[copyright {2024 Brian O'Hagan}]
[keywords tls I/O "IP Address" OpenSSL SSL TCP TLS "asynchronous I/O" bind certificate channel connection "domain name" host "https" "network address" network socket TclTLS]
[moddesc {Tcl TLS extension}]
[see_also http socket [uri https://www.openssl.org/ OpenSSL]]
[titledesc {binding to the OpenSSL library for encrypted socket and I/O channel communications}]
[require Tcl 8.5-]
[require tls 1.8]
[description]

This extension provides TCL script access to secure socket communications
using the Transport Layer Security (TLS) protocol. It provides a generic
binding to [uri "https://www.openssl.org/" OpenSSL], utilizing the
[syscmd Tcl_StackChannel] API in TCL 8.4 and higher.
These sockets behave exactly the same as channels created using the built-in
[syscmd socket] command, along with additional options for controlling
the SSL/TLS session.

[section Commands]

Typically one would use the [cmd tls::socket] command to create a new encrypted
TCP socket. It is compatible with the native TCL [syscmd ::socket] command.
Alternatively for an existing TCP socket, the [cmd tls::import] command can be
used to start TLS on the connection.

[list_begin definitions]

[call [cmd tls::init] [opt [arg -option]] [opt [arg value]] [opt [arg "-option value ..."]]]

Optional function to set the default options used by [cmd tls::socket]. If you
call [cmd tls::import] directly, this command has no effect. This command
supports all of the same options as the [cmd tls::socket] command, though you
should limit your options to only TLS related ones.

[call [cmd tls::socket] [opt [arg -option]] [opt [arg value]] [opt [arg "-option value ..."]] [arg host] [arg port]]

This is a helper function that utilizes the underlying commands [syscmd socket]
and [cmd tls::import] to create the connection. It behaves the same as the
native TCL [syscmd socket] command, but also supports the [cmd tls:import]
command options with one additional option. It returns the channel handle id
for the new socket.

[list_begin options]

[opt_def -autoservername [arg bool]]
If [const true], automatically set the [option -servername] argument to the
[emph host] argument. Default is [const false].

[list_end]

[call [cmd tls::socket] [option -server] [arg command] [opt [arg -option]] [opt [arg value]] [opt [arg "-option value ..."]] [arg port]]

Same as previous, but instead creates a server socket for clients to connect to
just like the Tcl [syscmd "socket -server"] command. It returns the channel
handle id for the new socket.

[call [cmd tls::import] [arg channel] [opt [arg -option]] [opt [arg value]] [opt [arg "-option value ..."]]]

Start TLS encryption on TCL channel [arg channel] via a stacked channel. It
need not be a socket, but must provide bi-directional flow. Also sets session
parameters for SSL handshake. Valid options are:

[list_begin options]

[opt_def -alpn [arg list]]
List of protocols to offer during Application-Layer Protocol Negotiation
(ALPN). For example: [const h2] and [const http/1.1], but not [const h3] or
[const quic].

[opt_def -cadir [arg directory]]
Specifies the directory where the Certificate Authority (CA) certificates are
stored. The default is platform specific and can be set at compile time. The
default location can be overridden by the [var SSL_CERT_DIR] environment
variable. See [sectref "Certificate Validation"] for more details.

[opt_def -cafile [arg filename]]
Specifies the file with the Certificate Authority (CA) certificates to use.
The default is [file cert.pem], in the OpenSSL directory. The default file can
be overridden by the [var SSL_CERT_FILE] environment variable. See
[sectref "Certificate Validation"] for more details.

[opt_def -castore [arg URI]]
Specifies the Uniform Resource Identifier (URI) for the Certificate Authority
(CA) store, which may be a single container or a catalog of containers.
Starting with OpenSSL 3.2 on Windows, set to "[const "org.openssl.winstore://"]"
to use the built-in Windows Certificate Store. This store only supports root
certificate stores. See [sectref "Certificate Validation"] for more details.

[opt_def -certfile [arg filename]]
Specifies the name of the file with the certificate in PEM format to use
as the local (client or server) certificate. It also contains the public key.

[opt_def -cert [arg string]]
Specifies the certificate to use as a DER encoded string (X.509 DER).

[opt_def -cipher [arg string]]
Specifies the list of ciphers to use for TLS 1.2 and earlier connections.
String is a colon "[const :]" separated list of ciphers.
Ciphers can be combined using the "[const +]" character.
Prefixes can be used to permanently remove "[const !]", delete "[const -]", or
move to the end "[const +]" a specified cipher.
Keywords [const @STRENGTH] (sort by algorithm key length),
[const @SECLEVEL=][emph n] (set security level to n), and
[const DEFAULT] (use default cipher list, at start only) can also be specified.
See the [uri "https://docs.openssl.org/master/man1/openssl-ciphers/#options" OpenSSL]
documentation for the full list of valid values.

[opt_def -ciphersuites [arg string]]
Specifies the list of cipher suites to use for TLS 1.3 as a colon
"[const :]" separated list of cipher suite names. See the
[uri "https://docs.openssl.org/master/man1/openssl-ciphers/#options" OpenSSL]
documentation for the full list of valid values.

[opt_def -command [arg callback]]
Specifies the callback command to be invoked at several points during the
handshake to pass errors, tracing information, and protocol messages.
See [sectref "Callback Options"] for more info.

[opt_def -dhparams [arg filename]]
Specifies the Diffie-Hellman (DH) parameters file.

[opt_def -keyfile [arg filename]]
Specifies the private key file. The default value is to use the file
specified by the [arg -certfile] option.

[opt_def -key [arg string]]
Specifies the private key to use as a DER encoded string (PKCS#1 DER).

[opt_def -model [arg channel]]
Force this channel to share the same [term SSL_CTX] structure as the
specified [arg channel], and therefore share config, callbacks, etc.

[opt_def -password [arg callback]]
Specifies the callback command to invoke when OpenSSL needs to obtain a
password. This is typically used to unlock the private key of a certificate.
The callback should return a password string. See [sectref "Callback Options"]
for more info.

[opt_def -post_handshake [arg bool]]
Allow post-handshake session ticket updates.

[opt_def -request [arg bool]]
Request a certificate from peer during the SSL handshake. This is needed to do
Certificate Validation. Default is [const true].
See [sectref "Certificate Validation"] for more details.

[opt_def -require [arg bool]]
Require a valid certificate from peer during the SSL handshake. If this is set to
true, then [option -request] must also be set to true and a either [option -cadir],
[option -cafile], [option -castore], or a platform default must be provided in order to
validate against. The default is [const false] since not all platforms have
certificates to validate against in a form compatible with OpenSSL.
See [sectref "Certificate Validation"] for more details.

[opt_def -security_level [arg integer]]
Specifies the security level (value from 0 to 5). The security level affects
the allowed cipher suite encryption algorithms, supported ECC curves,
supported signature algorithms, DH parameter sizes, certificate key sizes
and signature algorithms. The default is 1 prior to OpenSSL 3.2 and 2
thereafter. Level 3 and higher disable support for session tickets and
only accept cipher suites that provide forward secrecy.

[opt_def -server [arg bool]]
Specifies whether to act as a server and respond with a server handshake when a
client connects and provides a client handshake. The default is [const false].

[opt_def -servername [arg hostname]]
Specify the peer's hostname. This is used to set the TLS Server Name
Indication (SNI) extension. Set this to the expected servername in the
server's certificate or one of the Subject Alternate Names (SAN).

[opt_def -session_id [arg binary_string]]
Specifies the session id to resume a session. Not supported yet.

[opt_def -ssl2 [arg bool]]
Enable use of SSL v2. The default is [const false]. Note: Recent versions of
OpenSSL no longer support SSLv2, so this may not have any effect. See the
[cmd tls::protocols] command for supported protocols.
	
[opt_def -ssl3 [arg bool]]
Enable use of SSL v3. The default is [const false]. Note: Recent versions
of OpenSSL may have this disabled at compile time, so this may not have any
effect. See the [cmd tls::protocols] command for supported protocols.

[opt_def -tls1 [arg bool]]
Enable use of TLS v1. The default is [const true]. Note: TLS 1.0 needs
SHA1 to operate, which is only available in security level 0 for Open SSL 3.0+.
See the [arg -security_level] option.

[opt_def -tls1.1 [arg bool]]
Enable use of TLS v1.1. The default is [const true]. Note: TLS 1.1 needs
SHA1 to operate, which is only available in security level 0 for Open SSL 3.0+.
See the [arg -security_level] option.

[opt_def -tls1.2 [arg bool]]
Enable use of TLS v1.2. The default is [const true].

[opt_def -tls1.3 [arg bool]]
Enable use of TLS v1.3. The default is [const true].

[opt_def -validatecommand [arg callback]]
Specifies the callback command to invoke to validate the peer certificates
and other config info during the protocol negotiation phase. This can be used
by TCL scripts to perform their own Certificate Validation to supplement the
default validation provided by OpenSSL. The script must return a boolean true
to continue the negotiation. See [sectref "Callback Options"] for more info.

[list_end]

[call [cmd tls::unimport] [arg channel]]

Compliment to [cmd tls::import]. Used to remove the top level stacked channel
from [arg channel]. This unstacks the encryption of a regular TCL channel. An
error is thrown if TLS is not the top stacked channel type.

[call [cmd tls::handshake] [arg channel]]

Forces the TLS negotiation handshake to take place immediately, and returns 0
if handshake is still in progress (non-blocking), or 1 if the handshake was
successful. If the handshake failed, an error will be returned.

[call [cmd tls::status] [opt [option -local]] [arg channel]]

Returns the current status of an SSL channel. The result is a list of key-value
pairs describing the SSL, certificate, and certificate verification status. If
the SSL handshake has not yet completed, an empty list is returned. If the
[option -local] option is specified, then the local certificate is used. Returned
values include:

[para]

SSL Status

[list_begin definitions]

[def "[var alpn] [arg protocol]"]
The protocol selected after Application-Layer Protocol Negotiation (ALPN).

[def "[var cipher] [arg cipher]"]
The current cipher in use for the session.

[def "[var peername] [arg name]"]
The peername from the certificate.

[def "[var protocol] [arg version]"]
The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.

[def "[var sbits] [arg n]"]
The number of bits used for the session key.

[def "[var signatureHashAlgorithm] [arg algorithm]"]
The signature hash algorithm.

[def "[var signatureType] [arg type]"]
The signature type value.

[def "[var verifyDepth] [arg n]"]
Maximum depth for the certificate chain verification. Default is -1, to check all.

[def "[var verifyMode] [arg list]"]
List of certificate verification modes.

[def "[var verifyResult] [arg result]"]
Certificate verification result.

[def "[var ca_names] [arg list]"]
List of the Certificate Authorities used to create the certificate.

[list_end]

Certificate Status

[list_begin definitions]

[def "[var all] [arg string]"]
Dump of all certificate info.

[def "[var version] [arg value]"]
The certificate version.

[def "[var serialNumber] [arg string]"]
The serial number of the certificate as a hex string.

[def "[var signature] [arg algorithm]"]
Cipher algorithm used for certificate signature.

[def "[var issuer] [arg string]"]
The distinguished name (DN) of the certificate issuer.

[def "[var notBefore] [arg date]"]
The beginning date of the certificate validity.

[def "[var notAfter] [arg date]"]
The expiration date of the certificate validity.

[def "[var subject] [arg string]"]
The distinguished name (DN) of the certificate subject. Fields include: Common
Name (CN), Organization (O), Locality or City (L), State or Province (S), and
Country Name (C).

[def "[var issuerUniqueID] [arg string]"]
The issuer unique id.

[def "[var subjectUniqueID] [arg string]"]
The subject unique id.

[def "[var num_extensions] [arg n]"]
Number of certificate extensions.

[def "[var extensions] [arg list]"]
List of certificate extension names.

[def "[var authorityKeyIdentifier] [arg string]"]
Authority Key Identifier (AKI) of the Issuing CA certificate that signed the
SSL certificate as a hex string. This value matches the SKI value of the
Intermediate CA certificate.

[def "[var subjectKeyIdentifier] [arg string]"]
Subject Key Identifier (SKI) hash of the public key inside the certificate as a
hex string. Used to identify certificates that contain a particular public key.

[def "[var subjectAltName] [arg list]"]
List of all of the Subject Alternative Names (SAN) including domain names, sub
domains, and IP addresses that are secured by the certificate.

[def "[var ocsp] [arg list]"]
List of all Online Certificate Status Protocol (OCSP) URLs that can be used to
check the validity of this certificate.

[def "[var certificate] [arg cert]"]
The PEM encoded certificate.

[def "[var signatureAlgorithm] [arg algorithm]"]
Cipher algorithm used for the certificate signature.

[def "[var signatureValue] [arg string]"]
Certificate signature as a hex string.

[def "[var signatureDigest] [arg version]"]
Certificate signing digest as a hex string.

[def "[var publicKeyAlgorithm] [arg algorithm]"]
Certificate signature public key algorithm.

[def "[var publicKey] [arg string]"]
Certificate signature public key as a hex string.

[def "[var bits] [arg n]"]
Number of bits used for certificate signature key.

[def "[var self_signed] [arg boolean]"]
Whether the certificate signature is self signed.

[def "[var sha1_hash] [arg hash]"]
The SHA1 hash of the certificate as a hex string.

[def "[var sha256_hash] [arg hash]"]
The SHA256 hash of the certificate as a hex string.

[list_end]

[call [cmd tls::connection] [arg channel]]

Returns the current connection status of an SSL channel. The result is a list
of key-value pairs describing the connection. Returned values include:

[para]

SSL Status

[list_begin definitions]

[def "[var state] [arg state]"]
State of the connection.

[def "[var servername] [arg name]"]
The name of the connected to server.

[def "[var protocol] [arg version]"]
The protocol version used for the connection: SSL2, SSL3, TLS1, TLS1.1, TLS1.2, TLS1.3, or unknown.

[def "[var renegotiation_allowed] [arg boolean]"]
Whether protocol renegotiation is supported or not.

[def "[var security_level] [arg level]"]
The security level used for selection of ciphers, key size, etc.

[def "[var session_reused] [arg boolean]"]
Whether the session has been reused or not.

[def "[var is_server] [arg boolean]"]
Whether the connection is configured as a server (1) or client (0).

[def "[var compression] [arg mode]"]
Compression method.

[def "[var expansion] [arg mode]"]
Expansion method.

[def "[var caList] [arg list]"]
List of Certificate Authorities (CA) for X.509 certificate.

[list_end]

Cipher Info

[list_begin definitions]

[def "[var cipher] [arg cipher]"]
The current cipher in use for the connection.

[def "[var standard_name] [arg name]"]
The standard RFC name of cipher.

[def "[var algorithm_bits] [arg n]"]
The number of processed bits used for cipher.

[def "[var secret_bits] [arg n]"]
The number of secret bits used for cipher.

[def "[var min_version] [arg version]"]
The minimum protocol version for cipher.

[def "[var cipher_is_aead] [arg boolean]"]
Whether the cipher is Authenticated Encryption with Associated Data (AEAD).

[def "[var cipher_id] [arg id]"]
The OpenSSL cipher id.

[def "[var description] [arg string]"]
A text description of the cipher.

[def "[var handshake_digest] [arg boolean]"]
Digest used during handshake.

[list_end]

Session Info

[list_begin definitions]

[def "[var alpn] [arg protocol]"]
The protocol selected after Application-Layer Protocol Negotiation (ALPN).

[def "[var resumable] [arg boolean]"]
Whether the session can be resumed or not.

[def "[var start_time] [arg seconds]"]
Time since session started in seconds since epoch.

[def "[var timeout] [arg seconds]"]
Max duration of session in seconds before time-out.

[def "[var lifetime] [arg seconds]"]
Session ticket lifetime hint in seconds.

[def "[var session_id] [arg binary_string]"]
Unique session id for use in resuming the session.

[def "[var session_ticket] [arg binary_string]"]
Unique session ticket for use in resuming the session.

[def "[var ticket_app_data] [arg binary_string]"]
Unique session ticket application data.

[def "[var master_key] [arg binary_string]"]
Unique session master key.

[def "[var session_cache_mode] [arg mode]"]
Server cache mode (client, server, or both).

[list_end]

[call [cmd tls::ciphers] [opt [arg protocol]] [opt [arg verbose]] [opt [arg supported]]]

Without any args, returns a list of all symmetric ciphers for use with the
[arg -cipher] option. With [arg protocol], only the ciphers supported for that
protocol are returned. See the [cmd tls::protocols] command for the supported
protocols. If [arg verbose] is specified as true then a verbose, human readable
list is returned with additional information on the cipher. If [arg supported]
is specified as true, then only the ciphers supported for protocol will be listed.

[call [cmd tls::protocols]]

Returns a list of the supported SSL/TLS protocols. Valid values are:
[const ssl2], [const ssl3], [const tls1], [const tls1.1], [const tls1.2], and
[const tls1.3]. Exact list depends on OpenSSL version and compile time flags.

[call [cmd tls::version]]

Returns the OpenSSL version string.

[list_end]


[section "Certificate Validation"]

[subsection "Summary of command line options"]

The following options are used for peer Certificate Validation:

[list_begin options]

[opt_def -cadir [arg directory]]
Specifies the directory where the Certificate Authority (CA) certificates are
stored. The default is platform specific, but is usually [file "/etc/ssl/certs"] on
Linux/Unix systems. The default location can be overridden by the
[var SSL_CERT_DIR] environment variable.

[opt_def -cafile [arg filename]]
Specifies the file with the Certificate Authority (CA) certificates to use in
[const PEM] file format. The default is [file cert.pem], in the OpenSSL directory. On
Linux/Unix systems, this is usually [file /etc/ssl/ca-bundle.pem]. The default file
can be overridden by the [var SSL_CERT_FILE] environment variable.

[opt_def -castore [arg URI]]
Specifies the Uniform Resource Identifier (URI) for the Certificate Authority
(CA) store, which may be a single container or a catalog of containers.
Starting with OpenSSL 3.2 on Windows, set to "[const "org.openssl.winstore://"]"
to use the built-in Windows Certificate Store. This store only supports root
certificate stores.

[opt_def -request [arg bool]]
Request a certificate from peer during the SSL handshake. This is needed to do
Certificate Validation. Default is [const true]. In addition, the
client can manually inspect and accept or reject each certificate using the
[arg -validatecommand] option.

[opt_def -require [arg bool]]
Require a valid certificate from peer during the SSL handshake. If this is set
to [const true], then [arg -request] must also be set to [const true] and either
[arg -cadir], [arg -cafile], [arg -castore], or a platform default must be
provided in order to validate against. The default is [const false] since not
all platforms have certificates to validate against in a form compatible with
OpenSSL. See [sectref "Certificate Validation"] for more details.

[list_end]

[subsection "When are command line options needed?"]

By default, a client TLS connection does [emph NOT] validate the server certificate
chain. This limitation is due to the lack of a common cross platform
database of Certificate Authority (CA) provided certificates to validate
against. Many Linux systems natively support OpenSSL and thus have these
certificates installed as part of the OS, but MacOS and Windows do not. In
order to use the [option -require] option, one of the following must be true:

[list_begin itemized]

[item]
On Linux and Unix systems with OpenSSL already installed, if the CA
certificates are stored in the standard locations, or if the [var SSL_CERT_DIR]
or [var SSL_CERT_FILE] environment variables are set, then [option -cadir],
[option -cadir], and [option -castore] aren't needed.

[item]
If OpenSSL is not installed in the default location, or when using Mac OS
or Windows and OpenSSL is installed, the [var SSL_CERT_DIR] and/or 
[var SSL_CERT_FILE] environment variables or the one of the [option -cadir],
[option -cadir], or [option -castore] options must be defined.

[item]
On Windows, starting in OpenSSL 3.2, it is now possible to access the
built-in Windows Certificate Store from OpenSSL. This can be achieved by
setting the [option -castore] option to "[const org.openssl.winstore://]".

[item]
If OpenSSL is not installed, the CA certificates must be downloaded and
installed with the user software. The CURL team makes them available at
[uri "https://curl.se/docs/caextract.html" "CA certificates extracted
from Mozilla"] in the [file cacert.pem] file. You must then either set the
[var SSL_CERT_DIR] and/or [var SSL_CERT_FILE] environment variables or the
[option -cadir] or [option -cafile] options to the CA cert file's install
location. It is your responsibility to keep this file up to date.

[list_end]

[section "Callback Options"]

As previously described, each channel can be given their own callbacks
to handle intermediate processing by the OpenSSL library, using the
[option -command], [option -password], and [option -validate_command] options
passed to either of [cmd tls::socket] or [cmd tls::import].
Unlike previous versions of TclTLS, only if the callback generates an error,
will the [syscmd bgerror] command be invoked with the error information.

[subsection "Values for Command Callback"]

The callback for the [option -command] option is invoked at several points during the
OpenSSL handshake and during routine operations. See below for the possible
arguments passed to the callback script. Values returned from the callback are
ignored.
	
[list_begin options]

[opt_def error [arg "channelId message"]]
This form of callback is invoked whenever an error occurs during the initial
connection, handshake, or I/O operations. The [arg message] argument can be
from the Tcl_ErrnoMsg, OpenSSL function [fun ERR_reason_error_string()],
or a custom message. This callback is new for TclTLS 1.8.

[opt_def info [arg "channelId major minor message type"]]
This form of callback is invoked by the OpenSSL function
[fun SSL_set_info_callback()] during the initial connection and handshake
operations. The arguments are:

[list_begin definitions]

[def [arg major]]
Major category for error. Valid enums are: [const handshake], [const alert],
[const connect], [const accept].

[def [arg minor]]
Minor category for error. Valid enums are: [const start], [const done], [const read],
[const write], [const loop], [const exit].

[def [arg message]]
Descriptive message string which may be generated either by
[fun SSL_state_string_long()] or [fun SSL_alert_desc_string_long()],
depending on the context.

[def [arg type]]
For alerts, the possible values are: [const warning],
[const fatal], and [const unknown]. For others, [const info] is used.
This argument is new for TclTLS 1.8. 

[list_end]

[opt_def message [arg "channelId direction version content_type message"]]
This form of callback is invoked by the OpenSSL function
[fun SSL_set_msg_callback()] whenever a message is sent or received during the
initial connection, handshake, or I/O operations. It is only available when
OpenSSL is complied with the [const enable-ssl-trace] option. This callback is
new for TclTLS 1.8. The arguments are:

[list_begin definitions]

[def [arg direction]]
Direction is either [const Sent] or [const Received].

[def [arg version]]
Version is the protocol version.

[def [arg content_type]]
Content type is the message content type.

[def [arg message]]
Message is more info from the [const SSL_trace] API.
This argument is new for TclTLS 1.8.

[list_end]

[opt_def session [arg "channelId session_id session_ticket lifetime"]]
This form of callback is invoked by the OpenSSL function
[fun SSL_CTX_sess_set_new_cb()] whenever a new session id is sent by the
server during the initial connection and handshake and also during the session
if the [option -post_handshake] option is set to true. This callback is new for
TclTLS 1.8. The arguments are:

[list_begin definitions]

[def [arg session_id]]
Session Id is the current session identifier

[def [arg session_ticket]]
Ticket is the session ticket info

[def [arg lifetime]]
Lifetime is the ticket lifetime in seconds.

[list_end]

[opt_def verify [arg "channelId depth cert status error"]]
This callback was moved to the [option -verify_callback] in TclTLS 1.8.

[list_end]

[subsection "Values for Password Callback"]

The callback for the [option -password] option is invoked by TclTLS whenever OpenSSL needs
to obtain a password. See below for the possible arguments passed to the
callback script. The user provided password is expected to be returned by the
callback.
	
[list_begin options]

[opt_def password [arg "rwflag size"]]
Invoked when loading or storing an encrypted PEM certificate. The arguments are:

[list_begin definitions]

[def [arg rwflag]]
The read/write flag is 0 for reading/decryption or 1 for writing/encryption.
The latter can be used to determine when to prompt the user to confirm.
This argument is new for TclTLS 1.8.

[def [arg size]]
The size is the maximum length of the password in bytes.
This argument is new for TclTLS 1.8.

[list_end]

[list_end]

[subsection "Values for Validate Command Callback"]

The callback for the [option -validatecommand] option is invoked during the handshake
process in order for the application to validate the provided value(s). See
below for the possible arguments passed to the callback script. If not
specified, OpenSSL will accept all valid certificates and extensions. To reject
the value and abort the connection, the callback should return 0. To accept the
value and continue the connection, it should return 1. To reject the value, but
continue the connection, it should return 2. This callback is new for TclTLS 1.8.
	
[list_begin options]

[opt_def alpn [arg "channelId protocol match"]]
For servers, this form of callback is invoked when the client ALPN extension is
received. If [arg match] is true, then [arg protocol] is the first
[option -alpn] protocol option in common to both the client and server.
If not, the first client specified protocol is used. This callback is called
after the Hello and ALPN callbacks.

[opt_def hello [arg "channelId servername"]]
For servers, this form of callback is invoked during client hello message
processing. The purpose is so the server can select the appropriate certificate
to present to the client, and to make other configuration adjustments relevant
to that server name and its configuration. It is called before the SNI and ALPN
callbacks.

[opt_def sni [arg "channelId servername"]]
For servers, this form of callback is invoked when the Server Name Indication
(SNI) extension is received. The [arg servername] argument is the client
provided server name specified in the [option -servername</b>] option. The
purpose is so when a server supports multiple names, the right certificate
can be used. It is called after the hello callback but before the ALPN
callback.

[opt_def verify [arg "channelId depth cert status error"]]
This form of callback is invoked by OpenSSL when a new certificate is received
from the peer. It allows the client to check the certificate verification
results and choose whether to continue or not. It is called for each
certificate in the certificate chain. This callback was moved from
[option -command] in TclTLS 1.8. The arguments are:

[list_begin definitions]

[def [arg depth]]
The depth is the integer depth of the certificate in the certificate chain,
where 0 is the peer certificate and higher values going up to the Certificate
Authority (CA).

[def [arg cert]]
The cert argument is a list of key-value pairs similar to those returned by
[cmd tls::status].

[def [arg status]]
The status argument is the boolean validity of the current certificate where 0
is invalid and 1 is valid.

[def [arg error]]
The error argument is the error message, if any, generated by
[fun X509_STORE_CTX_get_error()].

[list_end]

[list_end]

Reference implementations of these callbacks are provided in [file tls.tcl]
as [cmd tls::callback], [cmd tls::password], and [cmd tls::validate_command]
respectively. Note that these are only [emph sample] implementations. In a more
realistic deployment you would specify your own callback scripts on each TLS
channel using the [option -command], [option -password], and
[option -validate_command] options.

[para]

The default behavior when the [option -command] and [option -validate_command]
options are not specified, is for TclTLS to process the associated library
callbacks internally. The default behavior when the [option -password] option
is not specified is for TclTLS to process the associated library callbacks by
attempting to call [cmd tls::password]. The difference between these two
behaviors is a consequence of maintaining compatibility with earlier
implementations.

[para]

[emph "The use of the reference callbacks [cmd tls::callback], [cmd tls::password],
and [cmd tls::validate_command] is not recommended. They may be removed from future releases."]

[section Debug]

For most debugging needs, the [option -callback] option can be used to provide
sufficient insight and information on the TLS handshake and progress. If
further troubleshooting insight is needed, the compile time option
[option --enable-debug] can be used to get detailed execution flow status.

[para]

TLS key logging can be enabled by setting the environment variable
[var SSLKEYLOGFILE] to the name of the file to log to. Then whenever TLS key
material is generated or received it will be logged to the file. This is useful
for logging key data for network logging tools to use to decrypt the data.

[para]

The [var tls::debug] variable provides some additional control over these
reference callbacks. Its value is zero by default. Higher values produce more
diagnostic output, and will also force the verify method in [cmd tls::callback]
to accept the certificate, even when it is invalid if the
[option -validatecommand] option is set to [cmd tls::validate_command].

[para]

[emph "The use of the variable [var tls::debug] is not recommended.
It may be removed from future releases."]

[section "Debug Examples"]

These examples use the default Unix platform SSL certificates. For standard
installations, -cadir and -cafile should not be needed. If your certificates
are in non-standard locations, update -cadir or use -cafile as needed.

[para]

Example #1: Use HTTP package

[example {

package require http
package require tls
set url "https://www.tcl.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs \
    -command ::tls::callback -password ::tls::password -validatecommand ::tls::validate_command]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}

# Get web page
set data [http::data $token]
puts [string length $data]

# Cleanup
::http::cleanup $token
}]

Example #2: Use raw socket

[example {

package require tls

set url "www.tcl-lang.org"
set port 443

set ch [tls::socket -autoservername 1 -servername $url -request 1 -require 1 \
    -alpn {http/1.1} -cadir /etc/ssl/certs -command ::tls::callback \
    -password ::tls::password -validatecommand ::tls::validate_command $url $port]
chan configure $ch -buffersize 65536
tls::handshake $ch

puts $ch "GET / HTTP/1.1"
flush $ch
after 500
set data [read $ch]

array set status [tls::status $ch]
array set conn [tls::connection $ch]
array set chan [chan configure $ch]
close $ch
parray status
parray conn
parray chan
}]

[section "HTTP Package Examples"]

These examples use the default Unix platform SSL certificates. For standard
installations, -cadir and -cafile should not be needed. If your certificates
are in non-standard locations, set -cadir or use -cafile as needed.

[para]

Example #3: Get web page

[example {

package require http
package require tls
set url "https://www.tcl.tk/"

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]

# Check for error
set token [http::geturl $url]
if {[http::status $token] ne "ok"} {
    puts [format "Error %s" [http::status $token]]
}

# Get web page
set data [http::data $token]
puts $data

# Cleanup
::http::cleanup $token
}]

Example #4: Download file

[example {

package require http
package require tls

set url "https://wiki.tcl-lang.org/sitemap.xml"
set filename [file tail $url]

http::register https 443 [list ::tls::socket -autoservername true -require true -cadir /etc/ssl/certs]

# Get file
set ch [open $filename wb]
set token [::http::geturl $url -blocksize 65536 -channel $ch]

# Cleanup
close $ch
::http::cleanup $token
}]

[section "Special Considerations"]

The capabilities of this package can vary enormously based upon how the
linked to OpenSSL library was configured and built. New versions may obsolete
older protocol versions, add or remove ciphers, change default values, etc.
Use the [cmd tls::protocols] commands to obtain the supported
protocol versions.

[manpage_end]